Wed Feb 7 13:22:04 2024 UTC (109d)
libgit2: updated to 1.7.2

v1.7.2
------

What's Changed

This release fixes three bugs that can cause undefined behavior when given well-crafted inputs, either in input files or over network connections. These bugs may be able to be leveraged to cause denial of service attacks or unauthorized code execution.

Two of these issues were discovered and reported by security engineers at Amazon Web Services. We thank the AWS Security team for their efforts to identify these issues, provide helpful reproduction cases, and responsibly disclose their findings.

Security fixes

* transport: safely handle messages with no caps
* revparse: fix parsing bug for trailing `@`
* index: correct index has_dir_name check


(adam)
diff -r1.74 -r1.75 pkgsrc/devel/libgit2/Makefile
diff -r1.35 -r1.36 pkgsrc/devel/libgit2/distinfo
cvs diff -r1.74 -r1.75 pkgsrc/devel/libgit2/Makefile (expand / switch to unified diff)

--- pkgsrc/devel/libgit2/Makefile 2023/12/14 11:29:19 1.74
+++ pkgsrc/devel/libgit2/Makefile 2024/02/07 13:22:04 1.75
@@ -1,17 +1,16 @@ @@ -1,17 +1,16 @@
1# $NetBSD: Makefile,v 1.74 2023/12/14 11:29:19 wiz Exp $ 1# $NetBSD: Makefile,v 1.75 2024/02/07 13:22:04 adam Exp $
2 2
3DISTNAME= libgit2-1.7.1 3DISTNAME= libgit2-1.7.2
4PKGREVISION= 2 
5CATEGORIES= devel 4CATEGORIES= devel
6MASTER_SITES= ${MASTER_SITE_GITHUB:=libgit2/} 5MASTER_SITES= ${MASTER_SITE_GITHUB:=libgit2/}
7GITHUB_TAG= v${PKGVERSION_NOREV} 6GITHUB_TAG= v${PKGVERSION_NOREV}
8 7
9MAINTAINER= pkgsrc-users@NetBSD.org 8MAINTAINER= pkgsrc-users@NetBSD.org
10HOMEPAGE= https://libgit2.org/ 9HOMEPAGE= https://libgit2.org/
11COMMENT= Portable, pure C implementation of the Git core methods 10COMMENT= Portable, pure C implementation of the Git core methods
12LICENSE= gnu-gpl-v2 # linking exception (linking allowed in more ways) 11LICENSE= gnu-gpl-v2 # linking exception (linking allowed in more ways)
13 12
14USE_LANGUAGES= c99 13USE_LANGUAGES= c99
15USE_TOOLS+= pkg-config 14USE_TOOLS+= pkg-config
16 15
17CMAKE_ARGS+= -DREGEX_BACKEND="pcre2" 16CMAKE_ARGS+= -DREGEX_BACKEND="pcre2"
cvs diff -r1.35 -r1.36 pkgsrc/devel/libgit2/distinfo (expand / switch to unified diff)

--- pkgsrc/devel/libgit2/distinfo 2023/10/19 07:19:44 1.35
+++ pkgsrc/devel/libgit2/distinfo 2024/02/07 13:22:04 1.36
@@ -1,13 +1,13 @@ @@ -1,13 +1,13 @@
1$NetBSD: distinfo,v 1.35 2023/10/19 07:19:44 wiz Exp $ 1$NetBSD: distinfo,v 1.36 2024/02/07 13:22:04 adam Exp $
2 2
3BLAKE2s (libgit2-1.7.1.tar.gz) = de2c63dc558a68962f169f7300c9884a2486d6bbb1c29c513194ad147c48a033 3BLAKE2s (libgit2-1.7.2.tar.gz) = 51be87fe3dd22b785873c4089c11d33e148814ef0d361fd9020f49b86590d2c4
4SHA512 (libgit2-1.7.1.tar.gz) = 08e60dde0cdf57006cf0c5f27a82220aba8d701bf7d6d709ffe312975ffa5dbef009ccb1e7cbe570b9502f4361d06ace44dbfd9a5f5f8ad08e9b0ca05bef765e 4SHA512 (libgit2-1.7.2.tar.gz) = 825737e4a1991fba50ea535f15b0e560ebe76ead752e04aeba36925b944d0da77fe9826a70980a1aa3d0bf9afbedfab79dd92e799c9252931384c89ebec9b012
5Size (libgit2-1.7.1.tar.gz) = 7548081 bytes 5Size (libgit2-1.7.2.tar.gz) = 7548186 bytes
6SHA1 (patch-deps_ntlmclient_ntlm.c) = 0f7645497b25f6895911cf32027e830ab73bdc55 6SHA1 (patch-deps_ntlmclient_ntlm.c) = 0f7645497b25f6895911cf32027e830ab73bdc55
7SHA1 (patch-src_libgit2_config.c) = f3c131d26bb38e86ff992eb8007ec399846a205a 7SHA1 (patch-src_libgit2_config.c) = f3c131d26bb38e86ff992eb8007ec399846a205a
8SHA1 (patch-src_libgit2_path.c) = b1f5245472ec00ff1c1c6b55b4ecdc88e1f163ac 8SHA1 (patch-src_libgit2_path.c) = b1f5245472ec00ff1c1c6b55b4ecdc88e1f163ac
9SHA1 (patch-src_libgit2_trailer.c) = d8a6e733ff963124024bfb9f7118d8e537815695 9SHA1 (patch-src_libgit2_trailer.c) = d8a6e733ff963124024bfb9f7118d8e537815695
10SHA1 (patch-src_libgit2_transports_smart__pkt.c) = 9c4c6ee17512f7bb06d02343ef0a07794361c88e 10SHA1 (patch-src_libgit2_transports_smart__pkt.c) = 9c4c6ee17512f7bb06d02343ef0a07794361c88e
11SHA1 (patch-src_util_date.c) = 47c56292b8f2483065e904f99dc51832bab0de3d 11SHA1 (patch-src_util_date.c) = 47c56292b8f2483065e904f99dc51832bab0de3d
12SHA1 (patch-src_util_str.c) = 737f658e82b00c623533181126996263a2f1df45 12SHA1 (patch-src_util_str.c) = 737f658e82b00c623533181126996263a2f1df45
13SHA1 (patch-src_util_util.h) = 54e74097b87af3c2939e7c237f1d2827101b9a72 13SHA1 (patch-src_util_util.h) = 54e74097b87af3c2939e7c237f1d2827101b9a72